Hello Dominik,

I haven't done it myself, but I'd start here:

https://www.freeipa.org/page/Web_App_Authentication

Rafael

On Thu, Apr 16, 2020 at 5:11 AM Dominik Vogt via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
Hi folks,

on RHEL8.0, we've set up a small cluster with a FreeIPA server and
two clients, one running a browser (Firefox) and the other running
a web server (tomcat).  (IdM is still configured with the
defaults.)

Now, what is the proper way to tackle fine grained access control
to the web service?  We want to do something like the IdM server
GUI, i.e. some users are authorized to use all the functions of
the GUI, others are restricted to editing or viewing a limited set
of pages, and others are locked out.  So far I've looked into host
based authentication, but that doen't seem to solve the task at
hand.  All access control should be done through Kerberos tickets.

A pointer to related documentation would also help.

Ciao

Dominik ^_^  ^_^

--

Dominik Vogt

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org


--
Rafael Guterres Jeffman
Senior Software Engineer 
FreeIPA - Red Hat